KEYCLOAK-3194 Fix fuse adapter. Remove karaf related steps from README
This commit is contained in:
parent
fc295ac2ac
commit
1a4d03e283
4 changed files with 61 additions and 28 deletions
|
@ -17,6 +17,17 @@
|
||||||
<name>KeyCloak Authz: Client API</name>
|
<name>KeyCloak Authz: Client API</name>
|
||||||
<description>KeyCloak AuthZ: Client API</description>
|
<description>KeyCloak AuthZ: Client API</description>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<keycloak.osgi.export>
|
||||||
|
org.keycloak.authorization.client.*
|
||||||
|
</keycloak.osgi.export>
|
||||||
|
<keycloak.osgi.import>
|
||||||
|
org.keycloak.*;version="${project.version}",
|
||||||
|
org.apache.http.*;version=${apache.httpcomponents.version},
|
||||||
|
*;resolution:=optional
|
||||||
|
</keycloak.osgi.import>
|
||||||
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.keycloak</groupId>
|
||||||
|
@ -50,4 +61,41 @@
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<!-- Adding OSGI metadata to the JAR without changing the packaging type. -->
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-jar-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<archive>
|
||||||
|
<manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
|
||||||
|
</archive>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.felix</groupId>
|
||||||
|
<artifactId>maven-bundle-plugin</artifactId>
|
||||||
|
<extensions>true</extensions>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>bundle-manifest</id>
|
||||||
|
<phase>process-classes</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>manifest</goal>
|
||||||
|
</goals>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
<configuration>
|
||||||
|
<instructions>
|
||||||
|
<Bundle-ClassPath>.</Bundle-ClassPath>
|
||||||
|
<Bundle-Name>${project.name}</Bundle-Name>
|
||||||
|
<Bundle-SymbolicName>${project.groupId}.${project.artifactId}</Bundle-SymbolicName>
|
||||||
|
<Import-Package>${keycloak.osgi.import}</Import-Package>
|
||||||
|
<Export-Package>${keycloak.osgi.export}</Export-Package>
|
||||||
|
</instructions>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
</project>
|
</project>
|
|
@ -32,6 +32,7 @@
|
||||||
<bundle dependency="true">mvn:org.jboss.logging/jboss-logging/${jboss.logging.version}</bundle>
|
<bundle dependency="true">mvn:org.jboss.logging/jboss-logging/${jboss.logging.version}</bundle>
|
||||||
<bundle>mvn:org.keycloak/keycloak-common/${project.version}</bundle>
|
<bundle>mvn:org.keycloak/keycloak-common/${project.version}</bundle>
|
||||||
<bundle>mvn:org.keycloak/keycloak-core/${project.version}</bundle>
|
<bundle>mvn:org.keycloak/keycloak-core/${project.version}</bundle>
|
||||||
|
<bundle>mvn:org.keycloak/keycloak-authz-client/${project.version}</bundle>
|
||||||
<bundle>mvn:org.keycloak/keycloak-adapter-spi/${project.version}</bundle>
|
<bundle>mvn:org.keycloak/keycloak-adapter-spi/${project.version}</bundle>
|
||||||
<bundle>mvn:org.keycloak/keycloak-adapter-core/${project.version}</bundle>
|
<bundle>mvn:org.keycloak/keycloak-adapter-core/${project.version}</bundle>
|
||||||
</feature>
|
</feature>
|
||||||
|
|
|
@ -5,12 +5,15 @@ Currently Keycloak supports securing your web applications running inside [JBoss
|
||||||
- Jetty8 adapter for both JBoss Fuse 6.2 and Apache Karaf 3, that include [Jetty8](http://eclipse.org/jetty/) server under the covers and Jetty is used for running various kinds of web applications
|
- Jetty8 adapter for both JBoss Fuse 6.2 and Apache Karaf 3, that include [Jetty8](http://eclipse.org/jetty/) server under the covers and Jetty is used for running various kinds of web applications
|
||||||
- Jetty9 adapter for both JBoss Fuse 6.3 and Apache Karaf 4, that include [Jetty9](http://eclipse.org/jetty/) server under the covers and Jetty is used for running various kinds of web applications
|
- Jetty9 adapter for both JBoss Fuse 6.3 and Apache Karaf 4, that include [Jetty9](http://eclipse.org/jetty/) server under the covers and Jetty is used for running various kinds of web applications
|
||||||
|
|
||||||
The Fuse example is slightly modified version of Keycloak base demo applications. The main difference among base demo is that for Fuse demo
|
**WARNING:** Running your applications inside standalone Apache Karaf may work, however we are testing just with JBoss Fuse and not with standalone Karaf server.
|
||||||
are applications running on separate Fuse/Karaf server. Keycloak server is supposed to run separately on Wildfly.
|
So if you really want adapter on standalone Karaf server, it's up to you to figure exact steps to have it working.
|
||||||
|
|
||||||
What is supported for Fuse/Karaf is:
|
The Fuse example is slightly modified version of Keycloak base demo applications. The main difference among base demo is that for Fuse demo
|
||||||
* Security for classic WAR applications deployed on Fuse/Karaf with [pax-war extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+War).
|
are applications running on separate Fuse server. Keycloak server is supposed to run separately on Wildfly.
|
||||||
* Security for servlets deployed on Fuse/Karaf as OSGI services with [pax-whiteboard extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+Whiteboard).
|
|
||||||
|
What is supported for Fuse is:
|
||||||
|
* Security for classic WAR applications deployed on Fuse with [pax-war extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+War).
|
||||||
|
* Security for servlets deployed on Fuse as OSGI services with [pax-whiteboard extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+Whiteboard).
|
||||||
* Security for [Apache Camel](http://camel.apache.org/) Jetty endpoints running with [camel-jetty](http://camel.apache.org/jetty.html) component.
|
* Security for [Apache Camel](http://camel.apache.org/) Jetty endpoints running with [camel-jetty](http://camel.apache.org/jetty.html) component.
|
||||||
* Security for [Apache CXF](http://cxf.apache.org/) endpoints running on their own separate [Jetty engine](http://cxf.apache.org/docs/jetty-configuration.html).
|
* Security for [Apache CXF](http://cxf.apache.org/) endpoints running on their own separate [Jetty engine](http://cxf.apache.org/docs/jetty-configuration.html).
|
||||||
Supports both securing JAX-RS and JAX-WS endpoints.
|
Supports both securing JAX-RS and JAX-WS endpoints.
|
||||||
|
@ -27,7 +30,7 @@ The customer-app-fuse invokes the endpoint to get data
|
||||||
* **cxf-jaxws** [Apache CXF](http://cxf.apache.org/) JAX-WS endpoint running on separate Jetty engine on [http://localhost:8282/PersonServiceCF](http://localhost:8282/PersonServiceCF).
|
* **cxf-jaxws** [Apache CXF](http://cxf.apache.org/) JAX-WS endpoint running on separate Jetty engine on [http://localhost:8282/PersonServiceCF](http://localhost:8282/PersonServiceCF).
|
||||||
The product-app-fuse invokes the endpoint to get data.
|
The product-app-fuse invokes the endpoint to get data.
|
||||||
|
|
||||||
Running of demo consists of 2 steps. First you need to run separate Keycloak server and then Fuse/Karaf server with the applications
|
Running of demo consists of 2 steps. First you need to run separate Keycloak server and then Fuse server with the applications
|
||||||
|
|
||||||
Base steps
|
Base steps
|
||||||
----------
|
----------
|
||||||
|
@ -74,25 +77,6 @@ features:addurl mvn:org.keycloak.example.demo/keycloak-fuse-example-features/1.9
|
||||||
features:install keycloak-fuse-6.3-example
|
features:install keycloak-fuse-6.3-example
|
||||||
```
|
```
|
||||||
|
|
||||||
Running demo on Apache Karaf 3.0.3
|
|
||||||
----------------------------------
|
|
||||||
|
|
||||||
Demo is using Apache camel and Apache CXF, which are not in standalone Karaf by default. So you will need to install feature repositories for both of them.
|
|
||||||
Next step is to add feature repository for main set of Keycloak karaf features and for the demo. Once all feature URLs are added, you just need to install `keycloak-fuse-example` feature,
|
|
||||||
which automatically installs all other needed stuff.
|
|
||||||
|
|
||||||
Once you run Apache Karaf, you need to run these commands from Karaf console (Make sure to replace keycloak versions in the example with actual Keycloak version):
|
|
||||||
|
|
||||||
```
|
|
||||||
feature:repo-add mvn:org.apache.camel.karaf/apache-camel/2.15.1/xml/features
|
|
||||||
feature:repo-add mvn:org.apache.cxf.karaf/apache-cxf/3.0.4/xml/features
|
|
||||||
feature:repo-add mvn:org.keycloak/keycloak-osgi-features/1.9.4.Final/xml/features
|
|
||||||
feature:repo-add mvn:org.keycloak.example.demo/keycloak-fuse-example-features/1.9.4.Final/xml/features
|
|
||||||
feature:install keycloak-fuse-example
|
|
||||||
```
|
|
||||||
|
|
||||||
Now you can test example applications similarly like described for "JBoss Fuse 6.2" section.
|
|
||||||
|
|
||||||
|
|
||||||
How to secure your own applications
|
How to secure your own applications
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
|
@ -70,15 +70,15 @@ may be still able to access MBeans remotely via HTTP (Hawtio). So make sure to p
|
||||||
really protect JMX mbeans.
|
really protect JMX mbeans.
|
||||||
|
|
||||||
|
|
||||||
SSH and JMX on JBoss Fuse 6.2 and Apache Karaf 3.0.3
|
SSH and JMX on JBoss Fuse 6.2
|
||||||
----------------------------------------------------
|
-----------------------------
|
||||||
For SSH steps are very similar to above for 6.1. In JBoss Fuse 6.2 you may need to install `ssh` feature as it doesn't seem to be installed here by default.
|
For SSH steps are very similar to above for 6.1. In JBoss Fuse 6.2 you may need to install `ssh` feature as it doesn't seem to be installed here by default.
|
||||||
|
|
||||||
```
|
```
|
||||||
features:install ssh
|
features:install ssh
|
||||||
```
|
```
|
||||||
|
|
||||||
For JMX, the steps are similar like for Fuse 6.1, however there is more fine grained authorization for JMX access in Fuse 6.2 and Karaf 3.
|
For JMX, the steps are similar like for Fuse 6.1, however there is more fine grained authorization for JMX access in Fuse 6.2.
|
||||||
|
|
||||||
Actually if you login as user `admin`, you have very limited privileges without possibility to do much JMX operations as this user has just `admin` role, which is not allowed to do much in JMX.
|
Actually if you login as user `admin`, you have very limited privileges without possibility to do much JMX operations as this user has just `admin` role, which is not allowed to do much in JMX.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue